/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package sgt.supermarket.controller.security;

import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sgt.supermarket.entity.Employee;
import sgt.supermarket.hibernatedao.HibernateDAOFactory;

/**
 *
 * @author Administrator
 */
public class ChangePassword extends HttpServlet {

    /** 
     * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    private static final int PASSWORD_MIN_LENGTH = 3;

    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if (request.getMethod().equalsIgnoreCase("post")) {
            String oldPassword = request.getParameter("oldPassword");
            String newPassword = request.getParameter("newPassword");
            String confirmedNewPassword = request.getParameter("confirmedNewPassword");
            String msg = null;
            if (oldPassword.isEmpty()) {
                msg = "You must specify a current password.";
            } else if (newPassword == null || newPassword.length() < PASSWORD_MIN_LENGTH) {
                msg = String.format("You must specify a new password of at least %d characters.", PASSWORD_MIN_LENGTH);
            } else if (!newPassword.equals(confirmedNewPassword)) {
                msg = "The new password and confirmation password do not match.";
            } else {
                HibernateDAOFactory factory = new HibernateDAOFactory();
                String username = request.getRemoteUser();
                Employee employee = factory.getEmployeeDAO().getByUsername(username);
                if (employee.getPassword().equals(oldPassword)) {
                    employee.setPassword(newPassword);
                    factory.getEmployeeDAO().save(employee);
                    msg = "Your password has been changed.";
                } else {
                    msg = "The current password is incorrect or the new password is invalid.";
                }
            }
            request.setAttribute("msg", msg);
        }
        request.setAttribute("title", "Change your password");
        request.getRequestDispatcher("/security.changePassword.tiles").forward(request, response);

    }

    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
    /** 
     * Handles the HTTP <code>GET</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /** 
     * Handles the HTTP <code>POST</code> method.
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /** 
     * Returns a short description of the servlet.
     * @return a String containing servlet description
     */
    @Override
    public String getServletInfo() {
        return "Short description";
    }// </editor-fold>
}
